yurilima/Alpha
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

First comit

Browse Source
This commit is contained in:
Yuri-Lima
2025-08-13 10:17:06 +02:00
parent b54fa7ec76
commit 26b6c91b3b
20 changed files with 2420 additions and 417 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env Normal file → Executable file
View File

@@ -20,8 +20,6 @@ PGADMIN_DEFAULT_PASSWORD=XDjhSX7H7z
SUPER_ADMIN_USER_PASSWORD=akuuURkxM7 SUPER_ADMIN_USER_PASSWORD=akuuURkxM7
# ====== Redis Configuration ====== # ====== Redis Configuration ======
REDIS_PASSWORD=admin REDIS_PASSWORD=admin
# ====== Worker Configuration ======
RUN_JOB_QUEUE=0
# ===== Metris Configuration ====== # ===== Metris Configuration ======
# Loki API URL -> The IP 5.75.153.161 is the Grafana Server where it has a firewall rule to allow the connection. Please, if you change here, need to be change in NGINX too. # Loki API URL -> The IP 5.75.153.161 is the Grafana Server where it has a firewall rule to allow the connection. Please, if you change here, need to be change in NGINX too.
LOKI_URL=http://grafana.phx-erp.de:3100/loki/api/v1/push LOKI_URL=http://grafana.phx-erp.de:3100/loki/api/v1/push

0
.gitignore vendored Normal file → Executable file
View File

0
alpha_backup.sql Normal file → Executable file
View File

0
backups/dump_db.sql Normal file → Executable file
View File

0
backups/dump_db_1.sql Normal file → Executable file
View File

87
crash_diagnose.sh Normal file
View File

@@ -0,0 +1,87 @@
#!/bin/bash
set -euo pipefail
YELLOW='\033[1;33m'
RED='\033[1;31m'
NC='\033[0m' # No color
echo -e "📦 ${YELLOW}PHX Crash Diagnostic Tool (Docker + Linux Server)${NC}"
echo "🔍 Boot Timeline:"
journalctl --list-boots | head -3
echo -e "\n⚠ OOM Kills:"
journalctl -b -1 | grep -i 'killed process' || echo "None found."
echo -e "\n⚠ Out of Memory Events:"
journalctl -b -1 | grep -i 'out of memory' || echo "None found."
echo -e "\n⚠ systemd-oomd Events:"
journalctl -b -1 | grep systemd-oomd || echo "None found."
echo -e "\n🔥 CPU/Load Pressure (dmesg/syslog):"
journalctl -b -1 | grep -Ei 'cpu|load average|soft lockup|hung task' || echo "None found."
echo -e "\n🚨 System Errors (priority 03):"
journalctl -b -1 -p 3..0 || echo "None found."
if command -v docker &> /dev/null && docker info >/dev/null 2>&1; then
echo -e "\n🐳 Docker detected and running."
CONTAINERS=$(docker ps -aq)
if [[ -z "$CONTAINERS" ]]; then
echo -e "\n⚠ No containers found. Skipping container-specific diagnostics."
else
echo -e "\n🐳 Docker OOM-Killed Containers:"
docker inspect $CONTAINERS 2>/dev/null | grep -B10 '"OOMKilled": true' || echo "No containers were OOMKilled."
echo -e "\n🔁 Recently Restarted Containers:"
docker ps -a --format '{{.Names}}\t{{.Status}}' | grep -i 'restarted' || echo "No recent restarts."
echo -e "\n📉 Top 5 Containers by Memory Usage (now):"
docker stats --no-stream --format "table {{.Name}}\t{{.MemUsage}}" | sort -k2 -hr | head -n 6
echo -e "\n📈 Top 5 Containers by CPU Usage (now):"
docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}" | sort -k2 -hr | head -n 6
echo -e "\n📋 Docker Container Memory Limits:"
docker inspect $CONTAINERS --format '{{ .Name }}: {{ .HostConfig.Memory }} bytes' | grep -v ': 0' || echo "None set"
echo -e "\n📋 Containers With No Memory Limit:"
docker inspect $CONTAINERS --format '{{ .Name }}: {{ .HostConfig.Memory }}' | awk '$2 == 0 {print $1}'
echo -e "\n📝 Last 100 Log Lines from PHX Containers:"
for name in $(docker ps -a --format '{{.Names}}' | grep -i 'phoenix\|pgadmin\|postgres'); do
echo -e "\n--- Logs for $name ---"
docker logs --tail=100 "$name" 2>/dev/null || echo "No logs for $name"
done
fi
else
echo -e "\n🐳 ${RED}Docker is not installed or not running.${NC}"
fi
# Historical CPU/memory usage with 'sar'
if command -v sar &> /dev/null; then
echo -e "\n📊 Analyzing Memory and CPU Usage via sar (last 60 mins if possible)..."
echo -e "\n🔍 Memory Usage (High Usage if >90%):"
sar -r | awk '
BEGIN { OFS="\t"; print "Time", "%memused", "%commit", "Status" }
/^[0-9]/ {
memused = $4; commit = $8;
status = (memused+0 > 90 || commit+0 > 95) ? "⚠️ HIGH" : "OK";
printf "%s\t%s%%\t%s%%\t%s\n", $1, memused, commit, status;
}'
echo -e "\n🔍 CPU Usage (High if %idle < 10 or %system > 90):"
sar -u | awk '
BEGIN { OFS="\t"; print "Time", "%user", "%system", "%idle", "Status" }
/^[0-9]/ {
user = $3; sys = $5; idle = $8;
status = (idle+0 < 10 || sys+0 > 90) ? "⚠️ HIGH" : "OK";
printf "%s\t%s%%\t%s%%\t%s%%\t%s\n", $1, user, sys, idle, status;
}'
else
echo -e "\n 'sar' (sysstat) is not installed. Skipping historical CPU/memory analysis."
fi
echo -e "\n✅ ${YELLOW}Done. Use this script after crashes or schedule it in cron for proactive monitoring.${NC}"

0
docker-compose copy.yaml Normal file → Executable file
View File

0
docker-compose-OLD.yaml Normal file → Executable file
View File

261
docker-compose.yaml
View File

@@ -1,5 +1,45 @@
--- ---
services: services:
postgres-auto-upgrade:
profiles:
- postgres-upgrade # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_auto_upgrade
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./postgres_upgrade.sh &&
./postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres-auto-rollback:
profiles:
- postgres-rollback # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_rollback
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./rollback_postgres_upgrade.sh &&
./rollback_postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres: postgres:
restart: always restart: always
image: "postgres:15.1-alpine" image: "postgres:15.1-alpine"
@@ -19,6 +59,19 @@ services:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes: volumes:
- "./database:/var/lib/postgresql/data" - "./database:/var/lib/postgresql/data"
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.75" # Maximum CPU cores (75% of one core)
# memory: 768M # Maximum memory usage (768 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.25" # Reserved CPU cores (25% of one core)
# memory: 256M # Reserved memory (256 megabytes)
healthcheck: healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres" ] test: [ "CMD-SHELL", "pg_isready -U postgres" ]
interval: 5s # Time between each health check interval: 5s # Time between each health check
@@ -26,7 +79,7 @@ services:
retries: 5 # Grace period before health checks start retries: 5 # Grace period before health checks start
pgadmin: pgadmin:
restart: always restart: always
image: dpage/pgadmin4 image: dpage/pgadmin4:9.6.0
container_name: pgadmin4-ui container_name: pgadmin4-ui
user: "5050:5050" user: "5050:5050"
# logging: # logging:
@@ -78,6 +131,21 @@ services:
volumes: volumes:
- ./pgadmin/data:/var/lib/pgadmin - ./pgadmin/data:/var/lib/pgadmin
- ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro - ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro
mem_limit: 512M
memswap_limit: 512M
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "1.0" # Maximum CPU cores (100% of one core)
memory: 512M # Maximum memory usage (512 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.15" # Reserved CPU cores (15% of one core)
memory: 250M # Reserved memory (250 megabytes)
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"] entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
depends_on: depends_on:
postgres: postgres:
@@ -87,7 +155,7 @@ services:
interval: 15s interval: 15s
timeout: 10s timeout: 10s
retries: 5 retries: 5
start_period: 60s start_period: 120s
phoenix-app: phoenix-app:
restart: always restart: always
image: "phxerp/phoenix-app:alpha" image: "phxerp/phoenix-app:alpha"
@@ -102,15 +170,25 @@ services:
# loki-batch-size: "${LOKI_BATCH_SIZE}" # loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-app,env=prod,project=phoenix" # loki-external-labels: "service=phx-app,env=prod,project=phoenix"
volumes: volumes:
- "/opt/containers/phx/app_custom:/usr/share/nginx/html/assets/custom" - ./app_custom:/usr/share/nginx/html/assets/custom
- "/opt/containers/phx/nginx/nginx.conf:/etc/nginx/nginx.conf" # - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Uncomment this if you want to use override the default nginx.conf
- ./nginx/includes:/etc/nginx/includes:ro # - ./nginx/includes:/etc/nginx/includes:ro # Uncomment this if you want to use override the default includes
networks: networks:
- backend - backend
- frontend - frontend
depends_on: # deploy:
pgadmin: # restart_policy: # Define how the service should restart when it fails
condition: service_healthy # condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.35" # Maximum CPU cores (35% of one core)
# memory: 384M # Maximum memory usage (384 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.10" # Reserved CPU cores (10% of one core)
# memory: 128M # Reserved memory (128 megabytes)
healthcheck: healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root
interval: 10s # check every 10 seconds interval: 10s # check every 10 seconds
@@ -118,7 +196,7 @@ services:
retries: 5 # mark as unhealthy after 5 failures retries: 5 # mark as unhealthy after 5 failures
start_period: 15s # wait 15 seconds after container start before checking start_period: 15s # wait 15 seconds after container start before checking
phoenix-system: phoenix-system:
restart: "no" restart: always
image: "phxerp/phoenix-system:alpha" image: "phxerp/phoenix-system:alpha"
# logging: # logging:
# driver: loki # driver: loki
@@ -128,17 +206,32 @@ services:
# loki-batch-size: "${LOKI_BATCH_SIZE}" # loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phoenix-system,env=prod" # loki-external-labels: "service=phoenix-system,env=prod"
environment: environment:
- "DB_HOST=phoenixDB" - "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}" - "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}" - "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=postgres" - "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}" - "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- "REDIS_PASSWORD=${REDIS_PASSWORD}" - "REDIS_PASSWORD=${REDIS_PASSWORD}"
- RUN_JOB_QUEUE=${RUN_JOB_QUEUE}
- NODE_ENV=${NODE_ENV} - NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ["npm", "run", "start:server"] command: ["npm", "run", "start:server"]
deploy: deploy:
replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "1.50" # Maximum CPU cores (150% of one core)
# memory: 1600M # Maximum memory usage (1600 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.50" # Reserved CPU cores (50% of one core)
# memory: 768M # Reserved memory (768 megabytes)
networks: networks:
backend: backend:
aliases: aliases:
@@ -151,15 +244,15 @@ services:
healthcheck: healthcheck:
test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status
interval: 10s # Time between each health check interval: 10s # Time between each health check
timeout: 6s # Max time to wait for each check timeout: 10s # Max time to wait for each check
retries: 10 # Number of failures before marking as unhealthy retries: 20 # Number of failures before marking as unhealthy
start_period: 40s # Grace period before health checks start start_period: 60s # Grace period before health checks start
volumes: volumes:
- "./assets:/usr/src/app/packages/dev-server/assets" - "./assets:/usr/src/app/packages/dev-server/assets"
- "/opt/containers/phx/server_custom:/usr/src/app/packages/dev-server/custom" # it seems tobe no effect if we make changes, not 100% of sure! - "./server_custom:/usr/src/app/packages/dev-server/custom"
- "./logs:/usr/src/app/packages/dev-server/logs" # - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-worker: phoenix-worker:
restart: "no" restart: always
image: "phxerp/phoenix-system:alpha" image: "phxerp/phoenix-system:alpha"
container_name: "phoenix-worker" container_name: "phoenix-worker"
ports: ports:
@@ -174,14 +267,31 @@ services:
networks: networks:
- backend - backend
environment: environment:
- DB_HOST=phoenixDB - "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}" - "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}" - "DB_PASSWORD=${POSTGRES_PASSWORD}"
- DB_USERNAME=postgres - "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}" - "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- REDIS_PASSWORD=${REDIS_PASSWORD} - REDIS_PASSWORD=${REDIS_PASSWORD}
- NODE_ENV=${NODE_ENV} - NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ['npm', 'run', 'start:worker'] command: ['npm', 'run', 'start:worker']
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: '2.0' # Maximum CPU cores (200% of one core)
# memory: 2G # Maximum memory usage (2 gigabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: '0.5' # Reserved CPU cores (50% of one core)
# memory: 512M # Reserved memory (512 megabytes)
depends_on: depends_on:
phoenix-system: phoenix-system:
condition: service_healthy condition: service_healthy
@@ -194,14 +304,13 @@ services:
retries: 20 # Grace period before health checks start retries: 20 # Grace period before health checks start
start_period: 30s # Grace period before health checks start start_period: 30s # Grace period before health checks start
volumes: volumes:
# - "/opt/containers/phx/assets:/usr/src/app/packages/dev-server/custo/assets"
- "./assets:/usr/src/app/packages/dev-server/assets" - "./assets:/usr/src/app/packages/dev-server/assets"
- "/opt/containers/phx/server_custom:/usr/src/app/packages/dev-server/custom" - "./server_custom:/usr/src/app/packages/dev-server/custom"
- "./logs:/usr/src/app/packages/dev-server/logs" # - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-redis: phoenix-redis:
image: 'bitnami/redis:latest' image: 'bitnami/redis:latest'
container_name: redis container_name: redis
command: /opt/bitnami/scripts/redis/run.sh --maxmemory 100mb command: /opt/bitnami/scripts/redis/run.sh # Not good, but as agreed. At some point i can start using this: --maxmemory + add eviction policy
user: root user: root
# logging: # logging:
# driver: loki # driver: loki
@@ -216,16 +325,32 @@ services:
environment: environment:
ALLOW_EMPTY_PASSWORD: "no" ALLOW_EMPTY_PASSWORD: "no"
REDIS_PASSWORD: ${REDIS_PASSWORD} REDIS_PASSWORD: ${REDIS_PASSWORD}
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.25" # Maximum CPU cores (25% of one core)
# memory: 100M # Maximum memory usage (100 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.05" # Reserved CPU cores (5% of one core)
# memory: 32M # Reserved memory (32 megabytes)
healthcheck: healthcheck:
test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ] test: [
"CMD-SHELL",
"redis-cli --no-auth-warning -a ${REDIS_PASSWORD} ping | grep PONG && test -w /bitnami/redis/data"
]
interval: 5s interval: 5s
retries: 10 # Increase retries if Redis takes a while to start retries: 10
timeout: 5s # Increase timeout if needed timeout: 5s
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
volumes: volumes:
- /opt/containers/phx/redis/data:/bitnami/redis/data - "./redis/data:/bitnami/redis/data"
phoenix-health-exporter: phoenix-health-exporter:
image: phxerp/phoenix-health-exporter:alpha image: phxerp/phoenix-health-exporter:alpha
container_name: health_exporter container_name: health_exporter
@@ -244,6 +369,7 @@ services:
DB_NAME: ${DB_NAME} DB_NAME: ${DB_NAME}
DB_PASSWORD: ${POSTGRES_PASSWORD} DB_PASSWORD: ${POSTGRES_PASSWORD}
DB_USERNAME: ${DB_USERNAME} DB_USERNAME: ${DB_USERNAME}
REDIS_PASSWORD: ${REDIS_PASSWORD}
networks: networks:
- frontend - frontend
- backend - backend
@@ -251,11 +377,20 @@ services:
- /etc/hostname:/etc/host_hostname:ro # This ensures the container always uses the real machine hostname, even if restarted or recreated. - /etc/hostname:/etc/host_hostname:ro # This ensures the container always uses the real machine hostname, even if restarted or recreated.
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
memswap_limit: 512M
deploy: deploy:
resources: restart_policy: # Define how the service should restart when it fails
limits: condition: on-failure # Only restart if the container exits with a non-zero code
cpus: '0.25' delay: 5s # Wait 5 seconds before attempting to restart
memory: 128M max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on: depends_on:
phoenix-system: phoenix-system:
condition: service_healthy condition: service_healthy
@@ -296,11 +431,23 @@ services:
- "/:/host:ro,rslave" - "/:/host:ro,rslave"
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
memswap_limit: 512M
deploy: deploy:
resources: restart_policy: # Define how the service should restart when it fails
limits: condition: on-failure # Only restart if the container exits with a non-zero code
cpus: '0.25' delay: 5s # Wait 5 seconds before attempting to restart
memory: 128M max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.25" # Maximum CPU cores (25% of one core)
memory: 128M # Maximum memory usage (128 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.05" # Reserved CPU cores (5% of one core)
memory: 32M # Reserved memory (32 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the node-exporter if the phoenix-worker is not healthy yet.
condition: service_healthy
healthcheck: healthcheck:
test: ["CMD", "wget", "-qO-", "http://localhost:9100/metrics"] test: ["CMD", "wget", "-qO-", "http://localhost:9100/metrics"]
interval: 15s interval: 15s
@@ -321,7 +468,7 @@ services:
# ports: # ports:
# - "9113:9113" # Restrict to only allow access from Grafana Server IP # - "9113:9113" # Restrict to only allow access from Grafana Server IP
# command: # command:
# - '--nginx.scrape-uri=http://phoenixApp/stub_status' # - '--nginx.scrape-uri=http://phoenix-app/stub_status'
# security_opt: # security_opt:
# - no-new-privileges:true # - no-new-privileges:true
# deploy: # deploy:
@@ -371,12 +518,27 @@ services:
- ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs - ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
- ./https_portal/log:/var/log/nginx # nginx logs - ./https_portal/log:/var/log/nginx # nginx logs
# - ./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro # ✅ Mount file in a safe path # - ./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro # ✅ Mount file in a safe path
memswap_limit: 512M
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on: depends_on:
pgadmin: # pgadmin:
condition: service_healthy # condition: service_healthy
postgres: postgres:
condition: service_healthy condition: service_healthy
fail2ban: fail2ban:
restart: always
image: crazymax/fail2ban:latest image: crazymax/fail2ban:latest
container_name: fail2ban container_name: fail2ban
network_mode: 'host' network_mode: 'host'
@@ -387,10 +549,23 @@ services:
- ./fail2ban/data:/data - ./fail2ban/data:/data
- ./fail2ban/jail.d:/etc/fail2ban/jail.d - ./fail2ban/jail.d:/etc/fail2ban/jail.d
- /var/log:/var/log:ro - /var/log:/var/log:ro
restart: always memswap_limit: 512M
deploy:
volumes: restart_policy: # Define how the service should restart when it fails
asset-data: null condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 100M # Maximum memory usage (100 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 35M # Reserved memory (32 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the fail2ban if the phoenix-worker is not healthy yet.
condition: service_healthy
networks: networks:
backend: backend:

583
docker-compose.yaml.1923550.2025-07-30@18:08:43~ Executable file
View File

@@ -0,0 +1,583 @@
---
services:
postgres-auto-upgrade:
profiles:
- postgres-upgrade # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_auto_upgrade
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./postgres_upgrade.sh &&
./postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres-auto-rollback:
profiles:
- postgres-rollback # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_rollback
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./rollback_postgres_upgrade.sh &&
./rollback_postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres:
restart: always
image: "postgres:15.1-alpine"
container_name: phoenixDB # Hostname
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-postgres,env=prod"
networks:
- backend
environment:
DEBUG: true
POSTGRES_DB: ${DB_NAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- "./database:/var/lib/postgresql/data"
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.75" # Maximum CPU cores (75% of one core)
# memory: 768M # Maximum memory usage (768 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.25" # Reserved CPU cores (25% of one core)
# memory: 256M # Reserved memory (256 megabytes)
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres" ]
interval: 5s # Time between each health check
timeout: 2s # Number of failures before marking as unhealthy
retries: 5 # Grace period before health checks start
pgadmin:
restart: always
image: dpage/pgadmin4
container_name: pgadmin4-ui
user: "5050:5050"
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-pgadmin,env=prod"
networks:
- backend
- frontend
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${SUPER_ADMIN_USER_PASSWORD}
PGADMIN_CONFIG_SERVER_MODE: 'True'
PGADMIN_CONFIG_WSGI_SCRIPT_NAME: "'/pgadmin4'"
PGADMIN_CONFIG_PROXY_X_PROTO_COUNT: 1
PGADMIN_SERVER_JSON_FILE: '/var/lib/pgadmin/servers.json'
PGADMIN_REPLACE_SERVERS_ON_STARTUP: 'True'
PGADMIN_CONFIG_DATA_DIR: "'/var/lib/pgadmin'"
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
# pgpass dynamic vars
PGPASSFILE: /var/lib/pgadmin/pgpass
PGPASS_HOST: ${DB_HOST}
PGPASS_PORT: ${DB_PORT}
PGPASS_DB: ${DB_NAME}
PGPASS_USER: ${DB_USERNAME}
PGPASS_PASSWORD: ${POSTGRES_PASSWORD}
# Other config
ALLOW_SAVE_PASSWORD: 'False'
MFA_ENABLED: 'True'
MFA_FORCE_REGISTRATION: 'False'
MFA_SUPPORTED_METHODS: 'email'
MFA_EMAIL_SUBJECT: 'Your MFA code by PHX-ERP'
MAX_LOGIN_ATTEMPTS: 5
ENHANCED_COOKIE_PROTECTION: 'True'
SHOW_GRAVATAR_IMAGE: 'True'
SECURITY_EMAIL_SENDER: ${SECURITY_EMAIL_SENDER}
MAIL_SERVER: ${MAIL_SERVER}
MAIL_PORT: ${MAIL_PORT}
MAIL_USE_SSL: 'False'
MAIL_USE_TLS: 'False'
MAIL_USERNAME: ${MAIL_USERNAME}
MAIL_PASSWORD: ${MAIL_PASSWORD}
MAIL_DEBUG: 'False'
volumes:
- ./pgadmin/data:/var/lib/pgadmin
- ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "1.0" # Maximum CPU cores (100% of one core)
memory: 512M # Maximum memory usage (512 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.15" # Reserved CPU cores (15% of one core)
memory: 128M # Reserved memory (128 megabytes)
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-O", "-", "http://localhost:80/misc/ping"]
interval: 15s
timeout: 10s
retries: 5
start_period: 120s
phoenix-app:
restart: always
image: "phxerp/phoenix-app:alpha"
container_name: phoenix-app
ports:
- "3000:3000" # Restrict to only allow access from Grafana Server IP
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-app,env=prod,project=phoenix"
volumes:
- ./app_custom:/usr/share/nginx/html/assets/custom
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Uncomment this if you want to use override the default nginx.conf
# - ./nginx/includes:/etc/nginx/includes:ro # Uncomment this if you want to use override the default includes
networks:
- backend
- frontend
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.35" # Maximum CPU cores (35% of one core)
# memory: 384M # Maximum memory usage (384 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.10" # Reserved CPU cores (10% of one core)
# memory: 128M # Reserved memory (128 megabytes)
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root
interval: 10s # check every 10 seconds
timeout: 5s # allow 5 seconds per check
retries: 5 # mark as unhealthy after 5 failures
start_period: 15s # wait 15 seconds after container start before checking
phoenix-system:
restart: always
image: "phxerp/phoenix-system:alpha"
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phoenix-system,env=prod"
environment:
- "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- "REDIS_PASSWORD=${REDIS_PASSWORD}"
- NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ["npm", "run", "start:server"]
deploy:
replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "1.50" # Maximum CPU cores (150% of one core)
# memory: 1600M # Maximum memory usage (1600 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.50" # Reserved CPU cores (50% of one core)
# memory: 768M # Reserved memory (768 megabytes)
networks:
backend:
aliases:
- phoenix-system
depends_on:
postgres:
condition: service_healthy
phoenix-redis:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status
interval: 10s # Time between each health check
timeout: 6s # Max time to wait for each check
retries: 10 # Number of failures before marking as unhealthy
start_period: 40s # Grace period before health checks start
volumes:
- "./assets:/usr/src/app/packages/dev-server/assets"
- "./server_custom:/usr/src/app/packages/dev-server/custom"
# - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-worker:
restart: always
image: "phxerp/phoenix-system:alpha"
container_name: "phoenix-worker"
ports:
- "3001:3001" # Restrict to only allow access from Grafana Server IP
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-worker,env=prod"
networks:
- backend
environment:
- "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- REDIS_PASSWORD=${REDIS_PASSWORD}
- NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ['npm', 'run', 'start:worker']
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: '2.0' # Maximum CPU cores (200% of one core)
# memory: 2G # Maximum memory usage (2 gigabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: '0.5' # Reserved CPU cores (50% of one core)
# memory: 512M # Reserved memory (512 megabytes)
depends_on:
phoenix-system:
condition: service_healthy
postgres:
condition: service_healthy
healthcheck:
test: [ "CMD-SHELL", "curl -s http://phoenix-worker:3001/health | grep -q '\"status\":\"ok\"'" ] # Check if worker responds with status ok
interval: 10s # Time between each health check
timeout: 6s # Max time to wait for each check
retries: 20 # Grace period before health checks start
start_period: 30s # Grace period before health checks start
volumes:
- "./assets:/usr/src/app/packages/dev-server/assets"
- "./server_custom:/usr/src/app/packages/dev-server/custom"
# - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-redis:
image: 'bitnami/redis:latest'
container_name: redis
command: /opt/bitnami/scripts/redis/run.sh # Not good, but as agreed. At some point i can start using this: --maxmemory + add eviction policy
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-redis,env=prod"
networks:
- backend
restart: always
environment:
ALLOW_EMPTY_PASSWORD: "no"
REDIS_PASSWORD: ${REDIS_PASSWORD}
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.25" # Maximum CPU cores (25% of one core)
# memory: 100M # Maximum memory usage (100 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.05" # Reserved CPU cores (5% of one core)
# memory: 32M # Reserved memory (32 megabytes)
healthcheck:
test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
interval: 5s
retries: 10 # Increase retries if Redis takes a while to start
timeout: 5s # Increase timeout if needed
depends_on:
postgres:
condition: service_healthy
volumes:
- type: bind
source: ./redis/data
target: /bitnami/redis/data
bind:
propagation: rshared
phoenix-health-exporter:
image: phxerp/phoenix-health-exporter:alpha
container_name: health_exporter
restart: unless-stopped
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-health-exporter,env=prod"
ports:
- "9800:9800"
environment:
DB_HOST: ${DB_HOST}
DB_NAME: ${DB_NAME}
DB_PASSWORD: ${POSTGRES_PASSWORD}
DB_USERNAME: ${DB_USERNAME}
networks:
- frontend
- backend
volumes:
- /etc/hostname:/etc/host_hostname:ro # This ensures the container always uses the real machine hostname, even if restarted or recreated.
security_opt:
- no-new-privileges:true
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
phoenix-system:
condition: service_healthy
phoenix-worker:
condition: service_healthy
postgres:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:9800/healthz || exit 1"]
interval: 1m
timeout: 5s
retries: 3
start_period: 15s
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-node-exporter,env=prod"
networks:
- metrics
- frontend
restart: unless-stopped
ports:
- "9100:9100" # Restrict to only allow access from Grafana Server IP
command:
- "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys"
- "--path.rootfs=/host"
- "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev)($$|/)"
volumes:
- "/proc:/host/proc:ro"
- "/sys:/host/sys:ro"
- "/:/host:ro,rslave"
security_opt:
- no-new-privileges:true
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.25" # Maximum CPU cores (25% of one core)
memory: 128M # Maximum memory usage (128 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.05" # Reserved CPU cores (5% of one core)
memory: 32M # Reserved memory (32 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the node-exporter if the phoenix-worker is not healthy yet.
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-qO-", "http://localhost:9100/metrics"]
interval: 15s
timeout: 5s
retries: 3
start_period: 20s
# nginx-exporter:
# image: nginx/nginx-prometheus-exporter:1.4.2
# container_name: nginx_exporter
# restart: unless-stopped
# # logging:
# # driver: loki
# # options:
# # loki-url: "${LOKI_URL}"
# # loki-retries: "${LOKI_RETRIES}"
# # loki-batch-size: "${LOKI_BATCH_SIZE}"
# # loki-external-labels: "service=phx-nginx-exporter,env=prod"
# ports:
# - "9113:9113" # Restrict to only allow access from Grafana Server IP
# command:
# - '--nginx.scrape-uri=http://phoenix-app/stub_status'
# security_opt:
# - no-new-privileges:true
# deploy:
# resources:
# limits:
# cpus: '0.25'
# memory: 128M
# depends_on:
# phoenix-app:
# condition: service_healthy
# networks:
# - frontend
# - metrics
# healthcheck:
# test: ["CMD", "wget", "-qO-", "http://localhost:9113/metrics"] # Not working as expected
# interval: 15s
# timeout: 5s
# retries: 3
# start_period: 10s
https_portal:
container_name: https_portal
image: "steveltn/https-portal:1.21"
restart: unless-stopped
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-https-portal,env=prod"
networks:
- frontend # [ PgAdmin, Phoenix-App ]
ports:
- "80:80"
- "443:443"
# - host:container
environment:
STAGE: "production" # Use Let's Encrypt production server
WEBSOCKET: "true" # Enable websocket support
DEBUG: "true"
RENEW_MARGIN_DAYS: 30
CLIENT_MAX_BODY_SIZE: 0
SERVER_NAMES_HASH_BUCKET_SIZE: 128 # Increase hash bucket size for server names - good for bigger domains names, if not set correctly, it will throw an error, break the container.
# FORCE_RENEW: 'true'
DOMAINS: "${HTTPS_PORTAL_DOMAINS}"
volumes:
- ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
- ./https_portal/log:/var/log/nginx # nginx logs
# - ./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro # ✅ Mount file in a safe path
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
# pgadmin:
# condition: service_healthy
postgres:
condition: service_healthy
fail2ban:
restart: always
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: 'host'
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
- ./fail2ban/data:/data
- ./fail2ban/jail.d:/etc/fail2ban/jail.d
- /var/log:/var/log:ro
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the fail2ban if the phoenix-worker is not healthy yet.
condition: service_healthy
networks:
backend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.19.0.0/16
frontend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.20.0.0/16
metrics:
driver: bridge
external: false
ipam:
config:
- subnet: 172.22.0.0/16

580
docker-compose.yaml.1926319.2025-07-30@18:12:28~ Executable file
View File

@@ -0,0 +1,580 @@
---
services:
postgres-auto-upgrade:
profiles:
- postgres-upgrade # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_auto_upgrade
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./postgres_upgrade.sh &&
./postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres-auto-rollback:
profiles:
- postgres-rollback # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_rollback
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./rollback_postgres_upgrade.sh &&
./rollback_postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres:
restart: always
image: "postgres:17.5-alpine"
container_name: phoenixDB # Hostname
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-postgres,env=prod"
networks:
- backend
environment:
DEBUG: true
POSTGRES_DB: ${DB_NAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- "./database:/var/lib/postgresql/data"
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.75" # Maximum CPU cores (75% of one core)
# memory: 768M # Maximum memory usage (768 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.25" # Reserved CPU cores (25% of one core)
# memory: 256M # Reserved memory (256 megabytes)
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres" ]
interval: 5s # Time between each health check
timeout: 2s # Number of failures before marking as unhealthy
retries: 5 # Grace period before health checks start
pgadmin:
restart: always
image: dpage/pgadmin4
container_name: pgadmin4-ui
user: "5050:5050"
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-pgadmin,env=prod"
networks:
- backend
- frontend
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${SUPER_ADMIN_USER_PASSWORD}
PGADMIN_CONFIG_SERVER_MODE: 'True'
PGADMIN_CONFIG_WSGI_SCRIPT_NAME: "'/pgadmin4'"
PGADMIN_CONFIG_PROXY_X_PROTO_COUNT: 1
PGADMIN_SERVER_JSON_FILE: '/var/lib/pgadmin/servers.json'
PGADMIN_REPLACE_SERVERS_ON_STARTUP: 'True'
PGADMIN_CONFIG_DATA_DIR: "'/var/lib/pgadmin'"
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
# pgpass dynamic vars
PGPASSFILE: /var/lib/pgadmin/pgpass
PGPASS_HOST: ${DB_HOST}
PGPASS_PORT: ${DB_PORT}
PGPASS_DB: ${DB_NAME}
PGPASS_USER: ${DB_USERNAME}
PGPASS_PASSWORD: ${POSTGRES_PASSWORD}
# Other config
ALLOW_SAVE_PASSWORD: 'False'
MFA_ENABLED: 'True'
MFA_FORCE_REGISTRATION: 'False'
MFA_SUPPORTED_METHODS: 'email'
MFA_EMAIL_SUBJECT: 'Your MFA code by PHX-ERP'
MAX_LOGIN_ATTEMPTS: 5
ENHANCED_COOKIE_PROTECTION: 'True'
SHOW_GRAVATAR_IMAGE: 'True'
SECURITY_EMAIL_SENDER: ${SECURITY_EMAIL_SENDER}
MAIL_SERVER: ${MAIL_SERVER}
MAIL_PORT: ${MAIL_PORT}
MAIL_USE_SSL: 'False'
MAIL_USE_TLS: 'False'
MAIL_USERNAME: ${MAIL_USERNAME}
MAIL_PASSWORD: ${MAIL_PASSWORD}
MAIL_DEBUG: 'False'
volumes:
- ./pgadmin/data:/var/lib/pgadmin
- ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "1.0" # Maximum CPU cores (100% of one core)
memory: 512M # Maximum memory usage (512 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.15" # Reserved CPU cores (15% of one core)
memory: 128M # Reserved memory (128 megabytes)
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-O", "-", "http://localhost:80/misc/ping"]
interval: 15s
timeout: 10s
retries: 5
start_period: 120s
phoenix-app:
restart: always
image: "phxerp/phoenix-app:alpha"
container_name: phoenix-app
ports:
- "3000:3000" # Restrict to only allow access from Grafana Server IP
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-app,env=prod,project=phoenix"
volumes:
- ./app_custom:/usr/share/nginx/html/assets/custom
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Uncomment this if you want to use override the default nginx.conf
# - ./nginx/includes:/etc/nginx/includes:ro # Uncomment this if you want to use override the default includes
networks:
- backend
- frontend
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.35" # Maximum CPU cores (35% of one core)
# memory: 384M # Maximum memory usage (384 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.10" # Reserved CPU cores (10% of one core)
# memory: 128M # Reserved memory (128 megabytes)
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root
interval: 10s # check every 10 seconds
timeout: 5s # allow 5 seconds per check
retries: 5 # mark as unhealthy after 5 failures
start_period: 15s # wait 15 seconds after container start before checking
phoenix-system:
restart: always
image: "phxerp/phoenix-system:alpha"
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phoenix-system,env=prod"
environment:
- "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- "REDIS_PASSWORD=${REDIS_PASSWORD}"
- NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ["npm", "run", "start:server"]
deploy:
replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "1.50" # Maximum CPU cores (150% of one core)
# memory: 1600M # Maximum memory usage (1600 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.50" # Reserved CPU cores (50% of one core)
# memory: 768M # Reserved memory (768 megabytes)
networks:
backend:
aliases:
- phoenix-system
depends_on:
postgres:
condition: service_healthy
phoenix-redis:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status
interval: 10s # Time between each health check
timeout: 10s # Max time to wait for each check
retries: 20 # Number of failures before marking as unhealthy
start_period: 60s # Grace period before health checks start
volumes:
- "./assets:/usr/src/app/packages/dev-server/assets"
- "./server_custom:/usr/src/app/packages/dev-server/custom"
# - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-worker:
restart: always
image: "phxerp/phoenix-system:alpha"
container_name: "phoenix-worker"
ports:
- "3001:3001" # Restrict to only allow access from Grafana Server IP
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-worker,env=prod"
networks:
- backend
environment:
- "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- REDIS_PASSWORD=${REDIS_PASSWORD}
- NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ['npm', 'run', 'start:worker']
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: '2.0' # Maximum CPU cores (200% of one core)
# memory: 2G # Maximum memory usage (2 gigabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: '0.5' # Reserved CPU cores (50% of one core)
# memory: 512M # Reserved memory (512 megabytes)
depends_on:
phoenix-system:
condition: service_healthy
postgres:
condition: service_healthy
healthcheck:
test: [ "CMD-SHELL", "curl -s http://phoenix-worker:3001/health | grep -q '\"status\":\"ok\"'" ] # Check if worker responds with status ok
interval: 10s # Time between each health check
timeout: 6s # Max time to wait for each check
retries: 20 # Grace period before health checks start
start_period: 30s # Grace period before health checks start
volumes:
- "./assets:/usr/src/app/packages/dev-server/assets"
- "./server_custom:/usr/src/app/packages/dev-server/custom"
# - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-redis:
image: 'bitnami/redis:latest'
container_name: redis
command: /opt/bitnami/scripts/redis/run.sh # Not good, but as agreed. At some point i can start using this: --maxmemory + add eviction policy
user: root
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-redis,env=prod"
networks:
- backend
restart: always
environment:
ALLOW_EMPTY_PASSWORD: "no"
REDIS_PASSWORD: ${REDIS_PASSWORD}
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.25" # Maximum CPU cores (25% of one core)
# memory: 100M # Maximum memory usage (100 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.05" # Reserved CPU cores (5% of one core)
# memory: 32M # Reserved memory (32 megabytes)
healthcheck:
test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
interval: 5s
retries: 10 # Increase retries if Redis takes a while to start
timeout: 5s # Increase timeout if needed
depends_on:
postgres:
condition: service_healthy
volumes:
- "./redis/data:/bitnami/redis/data"
phoenix-health-exporter:
image: phxerp/phoenix-health-exporter:alpha
container_name: health_exporter
restart: unless-stopped
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-health-exporter,env=prod"
ports:
- "9800:9800"
environment:
DB_HOST: ${DB_HOST}
DB_NAME: ${DB_NAME}
DB_PASSWORD: ${POSTGRES_PASSWORD}
DB_USERNAME: ${DB_USERNAME}
networks:
- frontend
- backend
volumes:
- /etc/hostname:/etc/host_hostname:ro # This ensures the container always uses the real machine hostname, even if restarted or recreated.
security_opt:
- no-new-privileges:true
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
phoenix-system:
condition: service_healthy
phoenix-worker:
condition: service_healthy
postgres:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:9800/healthz || exit 1"]
interval: 1m
timeout: 5s
retries: 3
start_period: 15s
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-node-exporter,env=prod"
networks:
- metrics
- frontend
restart: unless-stopped
ports:
- "9100:9100" # Restrict to only allow access from Grafana Server IP
command:
- "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys"
- "--path.rootfs=/host"
- "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev)($$|/)"
volumes:
- "/proc:/host/proc:ro"
- "/sys:/host/sys:ro"
- "/:/host:ro,rslave"
security_opt:
- no-new-privileges:true
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.25" # Maximum CPU cores (25% of one core)
memory: 128M # Maximum memory usage (128 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.05" # Reserved CPU cores (5% of one core)
memory: 32M # Reserved memory (32 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the node-exporter if the phoenix-worker is not healthy yet.
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-qO-", "http://localhost:9100/metrics"]
interval: 15s
timeout: 5s
retries: 3
start_period: 20s
# nginx-exporter:
# image: nginx/nginx-prometheus-exporter:1.4.2
# container_name: nginx_exporter
# restart: unless-stopped
# # logging:
# # driver: loki
# # options:
# # loki-url: "${LOKI_URL}"
# # loki-retries: "${LOKI_RETRIES}"
# # loki-batch-size: "${LOKI_BATCH_SIZE}"
# # loki-external-labels: "service=phx-nginx-exporter,env=prod"
# ports:
# - "9113:9113" # Restrict to only allow access from Grafana Server IP
# command:
# - '--nginx.scrape-uri=http://phoenix-app/stub_status'
# security_opt:
# - no-new-privileges:true
# deploy:
# resources:
# limits:
# cpus: '0.25'
# memory: 128M
# depends_on:
# phoenix-app:
# condition: service_healthy
# networks:
# - frontend
# - metrics
# healthcheck:
# test: ["CMD", "wget", "-qO-", "http://localhost:9113/metrics"] # Not working as expected
# interval: 15s
# timeout: 5s
# retries: 3
# start_period: 10s
https_portal:
container_name: https_portal
image: "steveltn/https-portal:1.21"
restart: unless-stopped
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-https-portal,env=prod"
networks:
- frontend # [ PgAdmin, Phoenix-App ]
ports:
- "80:80"
- "443:443"
# - host:container
environment:
STAGE: "production" # Use Let's Encrypt production server
WEBSOCKET: "true" # Enable websocket support
DEBUG: "true"
RENEW_MARGIN_DAYS: 30
CLIENT_MAX_BODY_SIZE: 0
SERVER_NAMES_HASH_BUCKET_SIZE: 128 # Increase hash bucket size for server names - good for bigger domains names, if not set correctly, it will throw an error, break the container.
# FORCE_RENEW: 'true'
DOMAINS: "${HTTPS_PORTAL_DOMAINS}"
volumes:
- ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
- ./https_portal/log:/var/log/nginx # nginx logs
# - ./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro # ✅ Mount file in a safe path
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
# pgadmin:
# condition: service_healthy
postgres:
condition: service_healthy
fail2ban:
restart: always
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: 'host'
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
- ./fail2ban/data:/data
- ./fail2ban/jail.d:/etc/fail2ban/jail.d
- /var/log:/var/log:ro
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the fail2ban if the phoenix-worker is not healthy yet.
condition: service_healthy
networks:
backend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.19.0.0/16
frontend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.20.0.0/16
metrics:
driver: bridge
external: false
ipam:
config:
- subnet: 172.22.0.0/16

580
docker-compose.yaml.3576322.2025-08-03@18:18:45~ Executable file
View File

@@ -0,0 +1,580 @@
---
services:
postgres-auto-upgrade:
profiles:
- postgres-upgrade # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_auto_upgrade
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./postgres_upgrade.sh &&
./postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres-auto-rollback:
profiles:
- postgres-rollback # 🟢 This isolates the service
image: alpine:3.19
container_name: postgres_rollback
working_dir: /opt/phx
volumes:
- .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock
entrypoint: >
sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./rollback_postgres_upgrade.sh &&
./rollback_postgres_upgrade.sh"
restart: 'no'
depends_on: []
network_mode: bridge
postgres:
restart: always
image: "postgres:15.1-alpine"
container_name: phoenixDB # Hostname
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-postgres,env=prod"
networks:
- backend
environment:
DEBUG: true
POSTGRES_DB: ${DB_NAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- "./database:/var/lib/postgresql/data"
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.75" # Maximum CPU cores (75% of one core)
# memory: 768M # Maximum memory usage (768 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.25" # Reserved CPU cores (25% of one core)
# memory: 256M # Reserved memory (256 megabytes)
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres" ]
interval: 5s # Time between each health check
timeout: 2s # Number of failures before marking as unhealthy
retries: 5 # Grace period before health checks start
pgadmin:
restart: always
image: dpage/pgadmin4
container_name: pgadmin4-ui
user: "5050:5050"
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-pgadmin,env=prod"
networks:
- backend
- frontend
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${SUPER_ADMIN_USER_PASSWORD}
PGADMIN_CONFIG_SERVER_MODE: 'True'
PGADMIN_CONFIG_WSGI_SCRIPT_NAME: "'/pgadmin4'"
PGADMIN_CONFIG_PROXY_X_PROTO_COUNT: 1
PGADMIN_SERVER_JSON_FILE: '/var/lib/pgadmin/servers.json'
PGADMIN_REPLACE_SERVERS_ON_STARTUP: 'True'
PGADMIN_CONFIG_DATA_DIR: "'/var/lib/pgadmin'"
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
# pgpass dynamic vars
PGPASSFILE: /var/lib/pgadmin/pgpass
PGPASS_HOST: ${DB_HOST}
PGPASS_PORT: ${DB_PORT}
PGPASS_DB: ${DB_NAME}
PGPASS_USER: ${DB_USERNAME}
PGPASS_PASSWORD: ${POSTGRES_PASSWORD}
# Other config
ALLOW_SAVE_PASSWORD: 'False'
MFA_ENABLED: 'True'
MFA_FORCE_REGISTRATION: 'False'
MFA_SUPPORTED_METHODS: 'email'
MFA_EMAIL_SUBJECT: 'Your MFA code by PHX-ERP'
MAX_LOGIN_ATTEMPTS: 5
ENHANCED_COOKIE_PROTECTION: 'True'
SHOW_GRAVATAR_IMAGE: 'True'
SECURITY_EMAIL_SENDER: ${SECURITY_EMAIL_SENDER}
MAIL_SERVER: ${MAIL_SERVER}
MAIL_PORT: ${MAIL_PORT}
MAIL_USE_SSL: 'False'
MAIL_USE_TLS: 'False'
MAIL_USERNAME: ${MAIL_USERNAME}
MAIL_PASSWORD: ${MAIL_PASSWORD}
MAIL_DEBUG: 'False'
volumes:
- ./pgadmin/data:/var/lib/pgadmin
- ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "1.0" # Maximum CPU cores (100% of one core)
memory: 512M # Maximum memory usage (512 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.15" # Reserved CPU cores (15% of one core)
memory: 128M # Reserved memory (128 megabytes)
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-O", "-", "http://localhost:80/misc/ping"]
interval: 15s
timeout: 10s
retries: 5
start_period: 120s
phoenix-app:
restart: always
image: "phxerp/phoenix-app:alpha"
container_name: phoenix-app
ports:
- "3000:3000" # Restrict to only allow access from Grafana Server IP
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-app,env=prod,project=phoenix"
volumes:
- ./app_custom:/usr/share/nginx/html/assets/custom
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Uncomment this if you want to use override the default nginx.conf
# - ./nginx/includes:/etc/nginx/includes:ro # Uncomment this if you want to use override the default includes
networks:
- backend
- frontend
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.35" # Maximum CPU cores (35% of one core)
# memory: 384M # Maximum memory usage (384 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.10" # Reserved CPU cores (10% of one core)
# memory: 128M # Reserved memory (128 megabytes)
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root
interval: 10s # check every 10 seconds
timeout: 5s # allow 5 seconds per check
retries: 5 # mark as unhealthy after 5 failures
start_period: 15s # wait 15 seconds after container start before checking
phoenix-system:
restart: always
image: "phxerp/phoenix-system:alpha"
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phoenix-system,env=prod"
environment:
- "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- "REDIS_PASSWORD=${REDIS_PASSWORD}"
- NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ["npm", "run", "start:server"]
deploy:
replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "1.50" # Maximum CPU cores (150% of one core)
# memory: 1600M # Maximum memory usage (1600 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.50" # Reserved CPU cores (50% of one core)
# memory: 768M # Reserved memory (768 megabytes)
networks:
backend:
aliases:
- phoenix-system
depends_on:
postgres:
condition: service_healthy
phoenix-redis:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status
interval: 10s # Time between each health check
timeout: 10s # Max time to wait for each check
retries: 20 # Number of failures before marking as unhealthy
start_period: 60s # Grace period before health checks start
volumes:
- "./assets:/usr/src/app/packages/dev-server/assets"
- "./server_custom:/usr/src/app/packages/dev-server/custom"
# - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-worker:
restart: always
image: "phxerp/phoenix-system:alpha"
container_name: "phoenix-worker"
ports:
- "3001:3001" # Restrict to only allow access from Grafana Server IP
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-worker,env=prod"
networks:
- backend
environment:
- "DB_HOST=${DB_HOST}"
- "DB_NAME=${DB_NAME}"
- "DB_PASSWORD=${POSTGRES_PASSWORD}"
- "DB_USERNAME=${DB_USERNAME}"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
- REDIS_PASSWORD=${REDIS_PASSWORD}
- NODE_ENV=${NODE_ENV}
- PHX_HOST_NAME=${PHX_HOST_NAME}
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ['npm', 'run', 'start:worker']
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: '2.0' # Maximum CPU cores (200% of one core)
# memory: 2G # Maximum memory usage (2 gigabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: '0.5' # Reserved CPU cores (50% of one core)
# memory: 512M # Reserved memory (512 megabytes)
depends_on:
phoenix-system:
condition: service_healthy
postgres:
condition: service_healthy
healthcheck:
test: [ "CMD-SHELL", "curl -s http://phoenix-worker:3001/health | grep -q '\"status\":\"ok\"'" ] # Check if worker responds with status ok
interval: 10s # Time between each health check
timeout: 6s # Max time to wait for each check
retries: 20 # Grace period before health checks start
start_period: 30s # Grace period before health checks start
volumes:
- "./assets:/usr/src/app/packages/dev-server/assets"
- "./server_custom:/usr/src/app/packages/dev-server/custom"
# - "./logs:/usr/src/app/packages/dev-server/logs"
phoenix-redis:
image: 'bitnami/redis:latest'
container_name: redis
command: /opt/bitnami/scripts/redis/run.sh # Not good, but as agreed. At some point i can start using this: --maxmemory + add eviction policy
user: root
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-redis,env=prod"
networks:
- backend
restart: always
environment:
ALLOW_EMPTY_PASSWORD: "no"
REDIS_PASSWORD: ${REDIS_PASSWORD}
# deploy:
# restart_policy: # Define how the service should restart when it fails
# condition: on-failure # Only restart if the container exits with a non-zero code
# delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.25" # Maximum CPU cores (25% of one core)
# memory: 100M # Maximum memory usage (100 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.05" # Reserved CPU cores (5% of one core)
# memory: 32M # Reserved memory (32 megabytes)
healthcheck:
test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
interval: 5s
retries: 10 # Increase retries if Redis takes a while to start
timeout: 5s # Increase timeout if needed
depends_on:
postgres:
condition: service_healthy
volumes:
- "./redis/data:/bitnami/redis/data"
phoenix-health-exporter:
image: phxerp/phoenix-health-exporter:alpha
container_name: health_exporter
restart: unless-stopped
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-health-exporter,env=prod"
ports:
- "9800:9800"
environment:
DB_HOST: ${DB_HOST}
DB_NAME: ${DB_NAME}
DB_PASSWORD: ${POSTGRES_PASSWORD}
DB_USERNAME: ${DB_USERNAME}
networks:
- frontend
- backend
volumes:
- /etc/hostname:/etc/host_hostname:ro # This ensures the container always uses the real machine hostname, even if restarted or recreated.
security_opt:
- no-new-privileges:true
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
phoenix-system:
condition: service_healthy
phoenix-worker:
condition: service_healthy
postgres:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:9800/healthz || exit 1"]
interval: 1m
timeout: 5s
retries: 3
start_period: 15s
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-node-exporter,env=prod"
networks:
- metrics
- frontend
restart: unless-stopped
ports:
- "9100:9100" # Restrict to only allow access from Grafana Server IP
command:
- "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys"
- "--path.rootfs=/host"
- "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev)($$|/)"
volumes:
- "/proc:/host/proc:ro"
- "/sys:/host/sys:ro"
- "/:/host:ro,rslave"
security_opt:
- no-new-privileges:true
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.25" # Maximum CPU cores (25% of one core)
memory: 128M # Maximum memory usage (128 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.05" # Reserved CPU cores (5% of one core)
memory: 32M # Reserved memory (32 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the node-exporter if the phoenix-worker is not healthy yet.
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-qO-", "http://localhost:9100/metrics"]
interval: 15s
timeout: 5s
retries: 3
start_period: 20s
# nginx-exporter:
# image: nginx/nginx-prometheus-exporter:1.4.2
# container_name: nginx_exporter
# restart: unless-stopped
# # logging:
# # driver: loki
# # options:
# # loki-url: "${LOKI_URL}"
# # loki-retries: "${LOKI_RETRIES}"
# # loki-batch-size: "${LOKI_BATCH_SIZE}"
# # loki-external-labels: "service=phx-nginx-exporter,env=prod"
# ports:
# - "9113:9113" # Restrict to only allow access from Grafana Server IP
# command:
# - '--nginx.scrape-uri=http://phoenix-app/stub_status'
# security_opt:
# - no-new-privileges:true
# deploy:
# resources:
# limits:
# cpus: '0.25'
# memory: 128M
# depends_on:
# phoenix-app:
# condition: service_healthy
# networks:
# - frontend
# - metrics
# healthcheck:
# test: ["CMD", "wget", "-qO-", "http://localhost:9113/metrics"] # Not working as expected
# interval: 15s
# timeout: 5s
# retries: 3
# start_period: 10s
https_portal:
container_name: https_portal
image: "steveltn/https-portal:1.21"
restart: unless-stopped
# logging:
# driver: loki
# options:
# loki-url: "${LOKI_URL}"
# loki-retries: "${LOKI_RETRIES}"
# loki-batch-size: "${LOKI_BATCH_SIZE}"
# loki-external-labels: "service=phx-https-portal,env=prod"
networks:
- frontend # [ PgAdmin, Phoenix-App ]
ports:
- "80:80"
- "443:443"
# - host:container
environment:
STAGE: "production" # Use Let's Encrypt production server
WEBSOCKET: "true" # Enable websocket support
DEBUG: "true"
RENEW_MARGIN_DAYS: 30
CLIENT_MAX_BODY_SIZE: 0
SERVER_NAMES_HASH_BUCKET_SIZE: 128 # Increase hash bucket size for server names - good for bigger domains names, if not set correctly, it will throw an error, break the container.
# FORCE_RENEW: 'true'
DOMAINS: "${HTTPS_PORTAL_DOMAINS}"
volumes:
- ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
- ./https_portal/log:/var/log/nginx # nginx logs
# - ./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro # ✅ Mount file in a safe path
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
# pgadmin:
# condition: service_healthy
postgres:
condition: service_healthy
fail2ban:
restart: always
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: 'host'
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
- ./fail2ban/data:/data
- ./fail2ban/jail.d:/etc/fail2ban/jail.d
- /var/log:/var/log:ro
deploy:
restart_policy: # Define how the service should restart when it fails
condition: on-failure # Only restart if the container exits with a non-zero code
delay: 5s # Wait 5 seconds before attempting to restart
max_attempts: 5 # Maximum number of restart attempts before giving up
window: 120s # Time window to evaluate restart attempts (resets counter after this period)
resources: # Resource allocation and limits for the container
limits: # Maximum resources the container can use
cpus: "0.5" # Maximum CPU cores (50% of one core)
memory: 256M # Maximum memory usage (256 megabytes)
reservations: # Guaranteed minimum resources for the container
cpus: "0.1" # Reserved CPU cores (10% of one core)
memory: 64M # Reserved memory (64 megabytes)
depends_on:
phoenix-worker: # This is to avoid alocation of resources to the fail2ban if the phoenix-worker is not healthy yet.
condition: service_healthy
networks:
backend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.19.0.0/16
frontend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.20.0.0/16
metrics:
driver: bridge
external: false
ipam:
config:
- subnet: 172.22.0.0/16

0
helper.md Normal file → Executable file
View File

0
nginx/includes/pgadmin.conf Normal file → Executable file
View File

0
nginx/nginx copy 2.conf Normal file → Executable file
View File

0
nginx/nginx copy.conf Normal file → Executable file
View File

0
nginx/nginx.conf Normal file → Executable file
View File

0
phoenix_backup.sql Normal file → Executable file
View File

0
redis.conf Normal file → Executable file
View File

0
server_custom/xconfig.ts → server_custom/deprecated-config.ts Normal file → Executable file
View File